CLAIMS

1. A method for managing multiple user identities for a user of an electronic commerce
(e-commerce) site, the method comprising:

defining the e-commerce site as one or more security domains; and

in response to a user's request to invoke an operation of the e-commerce site:

determining a one of the one or more security domains to which the operation
relates;

performing one of a) creating a session and b) reusing a session for the user
automatically in accordance with the determined security domain, said
session associated with a user identity and a role indicating privileges for
invoking operations of the e-commerce site in at least the determined
security domain; and

persisting said session for reuse.

2. The method of claim 1 comprising invoking said requested operation with said user identity
and role of said session.

3. The method of claim 2 wherein the session comprises information indicating at least one of:
the user's preferences for invoking operations at the e-commerce site; the user's preferences for
invoking operations at at least the determined security domain; and a security signature for
authenticating the session information.

4. The method of claim 1 comprising evaluating the requested operation to determine an 
operation type and wherein said step of performing is performed in accordance with the 
operation type. 

5. The method of claim 1 comprising receiving the user's request in association with one or
more sessions persisted for the user and selecting a one of the sessions in accordance with said
determined security domain; and wherein said performing is performed in response to said
selecting.

6. The method of claim 4 wherein said user identity is associated with an identity type for
permitting the invocation of operations; wherein said method comprises receiving the user's
request in association with one or more sessions persisted for the user and retrieving a user
identity for the determined security domain from said one or more sessions; and wherein said
performing is performed in response to the identity type of the retrieved user identity.

7. The method of claim 1 wherein said step of persisting comprises providing one or more 
cookies defining the session to the user for associating with a subsequent request. 

8. The method of claim 6 wherein the cookies comprise an authentication cookie and a session 
cookie; and wherein the method comprises authenticating the user's request. 

9. The method of claim 1 comprising:

defining each of the one or more security domains as a hierarchy of organizations and 
assets owned by the organizations; and 

wherein said determining a one of the one or more security domains to which the 
operation relates comprises evaluating the user's request in accordance with the hierarchy. 

10. A computer program product having a computer readable medium tangibly embodying
computer executable code for managing multiple user identities for a user of an electronic
commerce (e-commerce) site defined using one or more security domains, the computer program
product comprising code for:

in response to a user's request to invoke an operation of the e-commerce site:

determining a one of the one or more security domains to which the operation
relates;

performing one of a) creating a session and b) reusing a session for the user
automatically in accordance with the determined security domain, said
session associated with a user identity and a role indicating privileges for
invoking operations of the e-commerce site in at least the determined
security domain; and

persisting said session for reuse.

11. The computer program product of claim 10 comprising code for invoking said requested 
operation with said user identity and role of said session. 

12. The computer program product of claim 11 wherein the session comprises information
indicating at least one of: the user's preferences for invoking operations at the e-commerce site;
the user's preferences for invoking operations at at least the determined security domain; and a
security signature for authenticating the session information.

13. The computer program product of claim 10 comprising code for evaluating the requested
operation to determine an operation type and wherein said code for performing is adapted to be
performed in accordance with the operation type.

14. The computer program product of claim 10 comprising code for receiving the user's request 
in association with one or more sessions persisted for the user and selecting a one of the sessions 
in accordance with said determined security domain; and wherein said code for performing is 
adapted to be performed in response to said selecting. 

15. The computer program product of claim 13 wherein said user identity is associated with an
identity type for permitting the invocation of operations; wherein said computer program product
comprises code for receiving the user's request in association with one or more sessions persisted
for the user and retrieving a user identity for the determined security domain from said one or
more sessions; and wherein said code for performing is adapted to be performed in response to
the identity type of the retrieved user identity.

16. The computer program product of claim 10 wherein said code for persisting comprises code 
for providing one or more cookies defining the session to the user for associating with a 
subsequent request. 

17. The computer program product of claim 16 wherein the cookies comprise an authentication
cookie and a session cookie; and wherein the computer program product comprises code for
authenticating the user's request.

18. The computer program product of claim 10 comprising code for:

defining each of the one or more security domains as a hierarchy of organizations and
assets owned by the organizations; and

wherein said code for determining a one of the one or more security domains to which the
operation relates is adapted to evaluate the user's request in accordance with the hierarchy.

19. A system for managing multiple user identities for a user of an electronic commerce
(e-commerce) site defined using one or more security domains, the system comprising:

an identity manager component configured to, in response to a user's request to invoke an
operation of the e-commerce site:

determine a one of the one or more security domains to which the operation
relates;

perform one of a) creating a session and b) reusing a session for the user
automatically in accordance with the determined security domain, said
session associated with a user identity and a role indicating privileges for
invoking operations of the e-commerce site in at least the determined
security domain; and

persist said session for reuse.

20. The system of claim 19 wherein the identity manager component is adapted to invoke said 
requested operation with said user identity and role of said session. 

21. The system of claim 20 wherein the session comprises information indicating at least one
of: the user's preferences for invoking operations at the e-commerce site; the user's preferences for
invoking operations at at least the determined security domain; and a security signature for
authenticating the session information.

22. The system of claim 19 wherein the identity manager component is configured to evaluate
the requested operation to determine an operation type and adapted to perform said one of a)
creating and b) reusing in accordance with the operation type.






CA920030029US1 



23. The system of claim 19 wherein the identity manager component is configured to receive
the user's request in association with one or more sessions persisted for the user and select a one
of the sessions in accordance with said determined security domain; and wherein the identity
manager component is adapted to perform said one of a) creating and b) reusing in response to
said selected one session.

24. The system of claim 22 wherein said user identity is associated with an identity type for
permitting the invocation of operations; wherein said identity manager component is adapted to
receive the user's request in association with one or more sessions persisted for the user and
retrieve a user identity for the determined security domain from said one or more sessions; and
wherein said identity manager component is adapted to perform said one of a) creating and b)
reusing in response to the identity type of the retrieved user identity.

25. The system of claim 19 wherein to persist said session said identity manager component 
provides one or more cookies defining the session to the user for associating with a subsequent 
request. 

26. The system of claim 26 wherein the cookies comprise an authentication cookie and a
session cookie; and wherein the identity manager component authenticates the user's request. 

27. The system of claim 19 wherein the e-commerce site defines each of the one or more
security domains as a hierarchy of organizations and assets owned by the organizations; and
wherein said identity manager component is adapted to determine a one of the one or more
security domains to which the operation relates by evaluating the user's request in accordance
with the hierarchy.